Friday, August 22, 2008

Virus alert: online verification from Westpac Bank

I just received an online verification email from Westpac Bank and thought I would review this type of malicious email.

Unlike many other emails this email appears to come from an email address for the Westpac Bank which is online@westpac.com.au. Rest assured this is a fake email and the address has been faked. It was not sent from WestPac.

The email looks OK, but as you can see the grammar is incorrect. Since a bank most likely uses automated systems with responses which are professionally reviewed, these types of errors are less likely. You will notice I have highlighted the use of plurals where it should be singular. A good sign of a fake is the language used. Sometimes however the language difference can be subtle and not all of us are strong on grammar.

" Monitor your transaction history and statements because your Westpac Bank online account may have been compromised.
We also suspect an unauthorised transactions has been taken place on your accounts.
Please take a simple step to secure your information and reduce your risk of falling victim to online threats now ."

The real give away however is in the link in the email in the following text.

Click Here For Westpac Bank Transactions Verification

If you hover your mouse over the link the web site address will appear. If you check the domain you will see it is not a WestPac domain.

I see a considerable number of fake emails which are supposedly from banks. These emails are known as phishing attempts, where they try to get you to log on to a fake site so they can collect your log on details.

I don't receive these emails into my computer because I use OzEfilter, but I actually have a much better technique that I use.

I do not provide my email address to the bank. If the bank doesn't have my email address then any email I receive from a bank is a fake. If the bank wants to contact me, they can contact me by telephone or via the postal service. I've only received one call in the last few years from the bank which wasn't telemarketing.

I highly recommend if you have registered your email address with your bank, to ask them to remove it. You then can't be tricked by one of the fake emails. Very simple and very effective.

- Kelvin

No comments:

Post a Comment